<HTML><HEAD><TITLE>Mail</TITLE>
<META content="KsDHTMLEDLib.ocx, FreeWare HTML Editor 1.164.2, ?Kurt Senfer"
name=GENERATOR>
<META http-equiv=Content-Type content="text/html; charset=GB2312"></HEAD>
<BODY style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体" leftMargin=5 topMargin=5 #ffffff>
<DIV>hi</DIV>
<DIV> </DIV>
<DIV>In my last reply, I have shown that I edited the default file, and it has
been really read by the radiusd. </DIV>
<DIV> </DIV>
<DIV>Actually, If I fix the error by :</DIV>
<DIV> </DIV>
<DIV>Auth-Type eap
{<BR>
eap
{<BR>
handled =
1<BR>
}<BR>
if (handled && (Response-Packet-Type == Access-Challenge))
{<BR>
attr_filter.access_challenge.post-auth<BR>
handled </DIV>
<DIV># override the "updated" code from attr_filter (<-- notice this
line)<BR>
}<BR> }<BR>}</DIV>
<DIV> </DIV>
<DIV>And the radiusd will work normally. And I can see debug output like the
following:</DIV>
<DIV> </DIV>
<DIV>Thu May 27 00:09:59 2010 : Debug: server {<BR>Thu May 27 00:09:59 2010 :
Debug: modules {<BR>Thu May 27 00:09:59 2010 : Debug: Module:
Checking authenticate {...} for more modules to load<BR>Thu May 27 00:09:59 2010
: Debug: Module: Instantiating attr_filter.access_challenge<BR>Thu May 27
00:09:59 2010 : Debug: ****** attr_filter_instantiate <BR>Thu May 27 00:09:59
2010 : Debug: attr_filter attr_filter.access_challenge {<BR>Thu May
27 00:09:59 2010 : Debug: attrsfile =
"/usr/local/etc/raddb/attrs.access_challenge"<BR>Thu May 27 00:09:59 2010 :
Debug: key = "%{User-Name}"<BR>Thu May 27 00:09:59 2010 :
Debug: }<BR>Thu May 27 00:09:59 2010 : Debug: ****** getattrsfile
<BR>Thu May 27 00:09:59 2010 : Debug: Module: Instantiating handled<BR>Thu
May 27 00:09:59 2010 : Debug: always handled {<BR>Thu May 27
00:09:59 2010 : Debug: rcode = "handled"<BR>Thu May 27 00:09:59 2010 :
Debug: simulcount = 0<BR>Thu May 27 00:09:59 2010 : Debug: mpp =
no<BR>Thu May 27 00:09:59 2010 : Debug: }<BR>Thu May 27 00:09:59
2010 : Debug: Module: Checking authorize {...} for more modules to
load<BR>Thu May 27 00:09:59 2010 : Debug: (Loaded
rlm_preprocess, checking if it's valid)<BR>Thu May 27 00:09:59 2010 :
Debug: Module: Linked to module rlm_preprocess<BR></DIV>
<DIV>I think it just shows the attr_filter attr_filter.access_challenge is now
loaded by server.(I don't know if it is, since I don't know what will be
the *right* output.)</DIV>
<DIV> </DIV>
<DIV>However, the filter does not work.</DIV>
<DIV> </DIV>
<DIV>Can anyone tell me what the problem is?</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Best Regards</DIV>
<DIV>2010-05-27 </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV
style="FONT-WEIGHT: normal; FONT-SIZE: 9pt; LINE-HEIGHT: normal; FONT-STYLE: normal; FONT-VARIANT: normal">-----
Original Message ----- </DIV>
<DIV
style="FONT-WEIGHT: normal; FONT-SIZE: 9pt; BACKGROUND: #e4e4e4; LINE-HEIGHT: normal; FONT-STYLE: normal; FONT-VARIANT: normal; font-color: black"><B>From:
</B><A href="mailto:weiweif@126.com">WWF</A> </DIV>
<DIV
style="FONT-WEIGHT: normal; FONT-SIZE: 9pt; LINE-HEIGHT: normal; FONT-STYLE: normal; FONT-VARIANT: normal"><B>To:
</B><A href="mailto:freeradius-users@lists.freeradius.org">FreeRadius users
mailing list</A> </DIV>
<DIV
style="FONT-WEIGHT: normal; FONT-SIZE: 9pt; LINE-HEIGHT: normal; FONT-STYLE: normal; FONT-VARIANT: normal"><B>Sent:
</B>2010-05-27, 11:35:40</DIV>
<DIV
style="FONT-WEIGHT: normal; FONT-SIZE: 9pt; LINE-HEIGHT: normal; FONT-STYLE: normal; FONT-VARIANT: normal"><B>Subject:
</B>Re:Re: still about how to return some attributes only inAccess-Accept
packet</DIV>
<DIV><BR></DIV>
<DIV></DIV>
<DIV></DIV>
<DIV>Thanks for your kindly reply. <BR>Now I edited the default file in
/usr/local/etc/raddb/sites-enabled, notice that "handled # override the
"updated" code from attr_filter" (it will cause an error for my Radiusd):
<BR>
#<BR> # Allow EAP
authentication.<BR>
eap<BR><BR>
#<BR> # The older
configurations sent a number of attributes
in<BR> # Access-Challenge
packets, which wasn't strictly
correct.<BR> # If you want to
filter out these attributes,
uncomment<BR> # the following
lines.<BR>
#<BR> Auth-Type eap
{<BR>
eap
{<BR>
handled =
1<BR>
}<BR>
if (handled && (Response-Packet-Type == Access-Challenge))
{<BR>
attr_filter.access_challenge.post-auth<BR>
handled # override the "updated" code from
attr_filter<BR>
}<BR> }<BR>}<BR><BR>The radiusd
debug output is as follows:<BR><BR>root@ubuntu:/usr/local/var/log/radius#
radiusd -Xxxxx<BR>Wed May 26 20:30:20 2010 : Info: FreeRADIUS Version 2.1.9,
for host i686-pc-linux-gnu, built on May 26 2010 at 02:10:20<BR>Wed May 26
20:30:20 2010 : Info: Copyright (C) 1999-2009 The FreeRADIUS server project
and contributors. <BR>Wed May 26 20:30:20 2010 : Info: There is NO warranty;
not even for MERCHANTABILITY or FITNESS FOR A <BR>Wed May 26 20:30:20 2010 :
Info: PARTICULAR PURPOSE. <BR>Wed May 26 20:30:20 2010 : Info: You may
redistribute copies of FreeRADIUS under the terms of the <BR>Wed May 26
20:30:20 2010 : Info: GNU General Public License v2. <BR>Wed May 26 20:30:20
2010 : Info: Starting - reading configuration files ...<BR>Wed May 26 20:30:20
2010 : Debug: including configuration file
/usr/local/etc/raddb/radiusd.conf<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/proxy.conf<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/clients.conf<BR>Wed May 26 20:30:20 2010 : Debug:
including files in directory /usr/local/etc/raddb/modules/<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/acct_unique<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file
/usr/local/etc/raddb/modules/detail.example.com<BR>Wed May 26 20:30:20 2010 :
Debug: including configuration file
/usr/local/etc/raddb/modules/logintime<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/etc_group<BR>Wed May
26 20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/realm<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/ntlm_auth<BR>Wed May
26 20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/krb5<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login<BR>Wed May 26 20:30:20
2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/passwd<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/counter<BR>Wed May
26 20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/detail.log<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/linelog<BR>Wed May
26 20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/unix<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/smsotp<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/chap<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/policy<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/radutmp<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/always<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/exec<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/otp<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/detail<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/cui<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/mac2vlan<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/mac2ip<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/ldap<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/ippool<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/attr_rewrite<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/expr<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/preprocess<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/digest<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/checkval<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/wimax<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/pap<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/attr_filter<BR>Wed
May 26 20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/sradutmp<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/inner-eap<BR>Wed May
26 20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/echo<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/mschap<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/sql_log<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/smbpasswd<BR>Wed May
26 20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/expiration<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/pam<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/modules/files<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/modules/perl<BR>Wed May 26
20:30:20 2010 : Debug: including configuration file
/usr/local/etc/raddb/eap.conf<BR>Wed May 26 20:30:20 2010 : Debug: including
configuration file /usr/local/etc/raddb/policy.conf<BR>Wed May 26 20:30:20
2010 : Debug: including files in directory
/usr/local/etc/raddb/sites-enabled/<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket<BR>Wed May 26 20:30:20 2010
: Debug: including configuration file
/usr/local/etc/raddb/sites-enabled/inner-tunnel<BR>Wed May 26 20:30:20 2010 :
Debug: including configuration file
/usr/local/etc/raddb/sites-enabled/status<BR>Wed May 26 20:30:20 2010 : Debug:
including configuration file /usr/local/etc/raddb/sites-enabled/default<BR>Wed
May 26 20:30:20 2010 : Debug: main {<BR>Wed May 26 20:30:20 2010 : Debug:
allow_core_dumps = no<BR>Wed May 26 20:30:20 2010 : Debug:
}<BR>Wed May 26 20:30:20 2010 : Debug: including dictionary file
/usr/local/etc/raddb/dictionary<BR>Wed May 26 20:30:20 2010 : Debug: main
{<BR>Wed May 26 20:30:20 2010 : Debug: prefix =
"/usr/local"<BR>Wed May 26 20:30:20 2010 : Debug:
localstatedir = "/usr/local/var"<BR>Wed May 26 20:30:20 2010 : Debug:
logdir = "/usr/local/var/log/radius"<BR>Wed May 26 20:30:20
2010 : Debug: libdir = "/usr/local/lib"<BR>Wed May 26
20:30:20 2010 : Debug: radacctdir =
"/usr/local/var/log/radius/radacct"<BR>Wed May 26 20:30:20 2010 : Debug:
hostname_lookups = no<BR>Wed May 26 20:30:20 2010 : Debug:
max_request_time = 30<BR>Wed May 26 20:30:20 2010 : Debug:
cleanup_delay = 5<BR>Wed May 26 20:30:20 2010 : Debug:
max_requests = 1024<BR>Wed May 26 20:30:20 2010 : Debug:
pidfile = "/usr/local/var/run/radiusd/radiusd.pid"<BR>Wed
May 26 20:30:20 2010 : Debug: checkrad =
"/usr/local/sbin/checkrad"<BR>Wed May 26 20:30:20 2010 : Debug:
debug_level = 0<BR>Wed May 26 20:30:20 2010 : Debug:
proxy_requests = yes<BR>Wed May 26 20:30:20 2010 :
Debug: log {<BR>Wed May 26 20:30:20 2010 : Debug:
stripped_names = yes<BR>Wed May 26 20:30:20 2010 : Debug:
auth = yes<BR>Wed May 26 20:30:20 2010 : Debug:
auth_badpass = yes<BR>Wed May 26 20:30:20 2010 : Debug:
auth_goodpass = yes<BR>Wed May 26 20:30:20 2010 : Debug: }<BR>Wed May 26
20:30:20 2010 : Debug: security {<BR>Wed May 26 20:30:20 2010 : Debug:
max_attributes = 200<BR>Wed May 26 20:30:20 2010 : Debug:
reject_delay = 1<BR>Wed May 26 20:30:20 2010 : Debug:
status_server = yes<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 : Debug: }<BR>Wed May 26 20:30:20
2010 : Debug: radiusd: #### Loading Realms and Home Servers ####<BR>Wed May 26
20:30:20 2010 : Debug: proxy server {<BR>Wed May 26 20:30:20 2010 :
Debug: retry_delay = 5<BR>Wed May 26 20:30:20 2010 : Debug:
retry_count = 3<BR>Wed May 26 20:30:20 2010 : Debug:
default_fallback = no<BR>Wed May 26 20:30:20 2010 : Debug:
dead_time = 120<BR>Wed May 26 20:30:20 2010 : Debug:
wake_all_if_all_dead = no<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 : Debug: home_server
localhost {<BR>Wed May 26 20:30:20 2010 : Debug: ipaddr =
127.0.0.1<BR>Wed May 26 20:30:20 2010 : Debug: port =
1812<BR>Wed May 26 20:30:20 2010 : Debug: type =
"auth"<BR>Wed May 26 20:30:20 2010 : Debug: secret =
"testing123"<BR>Wed May 26 20:30:20 2010 : Debug:
response_window = 20<BR>Wed May 26 20:30:20 2010 : Debug:
max_outstanding = 65536<BR>Wed May 26 20:30:20 2010 : Debug:
require_message_authenticator = no<BR>Wed May 26 20:30:20
2010 : Debug: zombie_period = 40<BR>Wed May 26 20:30:20
2010 : Debug: status_check = "status-server"<BR>Wed May 26
20:30:20 2010 : Debug: ping_interval = 30<BR>Wed May 26
20:30:20 2010 : Debug: check_interval = 30<BR>Wed May 26
20:30:20 2010 : Debug: num_answers_to_alive = 3<BR>Wed May
26 20:30:20 2010 : Debug: num_pings_to_alive = 3<BR>Wed May
26 20:30:20 2010 : Debug: revive_interval = 120<BR>Wed May
26 20:30:20 2010 : Debug: status_check_timeout = 4<BR>Wed
May 26 20:30:20 2010 : Debug: irt = 2<BR>Wed May 26
20:30:20 2010 : Debug: mrt = 16<BR>Wed May 26 20:30:20 2010
: Debug: mrc = 5<BR>Wed May 26 20:30:20 2010 : Debug:
mrd = 30<BR>Wed May 26 20:30:20 2010 : Debug:
}<BR>Wed May 26 20:30:20 2010 : Debug: home_server_pool my_auth_failover
{<BR>Wed May 26 20:30:20 2010 : Debug: type =
fail-over<BR>Wed May 26 20:30:20 2010 : Debug: home_server
= localhost<BR>Wed May 26 20:30:20 2010 : Debug: }<BR>Wed May 26
20:30:20 2010 : Debug: realm example.com {<BR>Wed May 26 20:30:20 2010 :
Debug: auth_pool = my_auth_failover<BR>Wed May 26 20:30:20
2010 : Debug: }<BR>Wed May 26 20:30:20 2010 : Debug: realm LOCAL
{<BR>Wed May 26 20:30:20 2010 : Debug: }<BR>Wed May 26 20:30:20 2010 :
Debug: radiusd: #### Loading Clients ####<BR>Wed May 26 20:30:20 2010 :
Debug: client localhost {<BR>Wed May 26 20:30:20 2010 : Debug:
ipaddr = 127.0.0.1<BR>Wed May 26 20:30:20 2010 : Debug:
require_message_authenticator = no<BR>Wed May 26 20:30:20
2010 : Debug: secret = "testing123"<BR>Wed May 26 20:30:20
2010 : Debug: nastype = "other"<BR>Wed May 26 20:30:20 2010
: Debug: }<BR>Wed May 26 20:30:20 2010 : Debug: radiusd: ####
Instantiating modules ####<BR>Wed May 26 20:30:20 2010 : Debug:
instantiate {<BR>Wed May 26 20:30:20 2010 : Debug:
(Loaded rlm_exec, checking if it's valid)<BR>Wed May 26 20:30:20 2010 :
Debug: Module: Linked to module rlm_exec<BR>Wed May 26 20:30:20 2010 :
Debug: Module: Instantiating exec<BR>Wed May 26 20:30:20 2010 :
Debug: exec {<BR>Wed May 26 20:30:20 2010 : Debug:
wait = no<BR>Wed May 26 20:30:20 2010 : Debug:
input_pairs = "request"<BR>Wed May 26 20:30:20 2010 :
Debug: shell_escape = yes<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 :
Debug: (Loaded rlm_expr, checking if it's
valid)<BR>Wed May 26 20:30:20 2010 : Debug: Module: Linked to module
rlm_expr<BR>Wed May 26 20:30:20 2010 : Debug: Module: Instantiating
expr<BR>Wed May 26 20:30:20 2010 : Debug: (Loaded
rlm_expiration, checking if it's valid)<BR>Wed May 26 20:30:20 2010 :
Debug: Module: Linked to module rlm_expiration<BR>Wed May 26 20:30:20
2010 : Debug: Module: Instantiating expiration<BR>Wed May 26 20:30:20
2010 : Debug: expiration {<BR>Wed May 26 20:30:20 2010 : Debug:
reply-message = "Password Has Expired "<BR>Wed May 26
20:30:20 2010 : Debug: }<BR>Wed May 26 20:30:20 2010 :
Debug: (Loaded rlm_logintime, checking if it's
valid)<BR>Wed May 26 20:30:20 2010 : Debug: Module: Linked to module
rlm_logintime<BR>Wed May 26 20:30:20 2010 : Debug: Module: Instantiating
logintime<BR>Wed May 26 20:30:20 2010 : Debug: logintime {<BR>Wed
May 26 20:30:20 2010 : Debug: reply-message = "You are
calling outside your allowed timespan "<BR>Wed May 26 20:30:20 2010 :
Debug: minimum-timeout = 60<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 : Debug: }<BR>Wed May
26 20:30:20 2010 : Debug: radiusd: #### Loading Virtual Servers ####<BR>Wed
May 26 20:30:20 2010 : Debug: server inner-tunnel {<BR>Wed May 26 20:30:20
2010 : Debug: modules {<BR>Wed May 26 20:30:20 2010 : Debug:
Module: Checking authenticate {...} for more modules to load<BR>Wed May 26
20:30:20 2010 : Debug: (Loaded rlm_pap, checking if
it's valid)<BR>Wed May 26 20:30:20 2010 : Debug: Module: Linked to
module rlm_pap<BR>Wed May 26 20:30:20 2010 : Debug: Module:
Instantiating pap<BR>Wed May 26 20:30:20 2010 : Debug: pap
{<BR>Wed May 26 20:30:20 2010 : Debug: encryption_scheme =
"auto"<BR>Wed May 26 20:30:20 2010 : Debug: auto_header =
no<BR>Wed May 26 20:30:20 2010 : Debug: }<BR>Wed May 26 20:30:20
2010 : Debug: (Loaded rlm_chap, checking if it's
valid)<BR>Wed May 26 20:30:20 2010 : Debug: Module: Linked to module
rlm_chap<BR>Wed May 26 20:30:20 2010 : Debug: Module: Instantiating
chap<BR>Wed May 26 20:30:20 2010 : Debug: (Loaded
rlm_mschap, checking if it's valid)<BR>Wed May 26 20:30:20 2010 : Debug:
Module: Linked to module rlm_mschap<BR>Wed May 26 20:30:20 2010 : Debug:
Module: Instantiating mschap<BR>Wed May 26 20:30:20 2010 : Debug:
mschap {<BR>Wed May 26 20:30:20 2010 : Debug: use_mppe =
yes<BR>Wed May 26 20:30:20 2010 : Debug: require_encryption
= no<BR>Wed May 26 20:30:20 2010 : Debug: require_strong =
no<BR>Wed May 26 20:30:20 2010 : Debug: with_ntdomain_hack
= no<BR>Wed May 26 20:30:20 2010 : Debug: }<BR>Wed May 26 20:30:20
2010 : Debug: (Loaded rlm_unix, checking if it's
valid)<BR>Wed May 26 20:30:20 2010 : Debug: Module: Linked to module
rlm_unix<BR>Wed May 26 20:30:20 2010 : Debug: Module: Instantiating
unix<BR>Wed May 26 20:30:20 2010 : Debug: unix {<BR>Wed May 26
20:30:20 2010 : Debug: radwtmp =
"/usr/local/var/log/radius/radwtmp"<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 :
Debug: (Loaded rlm_eap, checking if it's valid)<BR>Wed
May 26 20:30:20 2010 : Debug: Module: Linked to module rlm_eap<BR>Wed
May 26 20:30:20 2010 : Debug: Module: Instantiating eap<BR>Wed May 26
20:30:20 2010 : Debug: eap {<BR>Wed May 26 20:30:20 2010 : Debug:
default_eap_type = "md5"<BR>Wed May 26 20:30:20 2010 :
Debug: timer_expire = 60<BR>Wed May 26 20:30:20 2010 :
Debug: ignore_unknown_eap_types = no<BR>Wed May 26 20:30:20
2010 : Debug: cisco_accounting_username_bug = no<BR>Wed May
26 20:30:20 2010 : Debug: max_sessions = 4096<BR>Wed May 26
20:30:20 2010 : Debug: }<BR>Wed May 26 20:30:20 2010 :
Debug: Module: Linked to sub-module rlm_eap_md5<BR>Wed May 26 20:30:20
2010 : Debug: Module: Instantiating eap-md5<BR>Wed May 26 20:30:20 2010
: Debug: Module: Linked to sub-module rlm_eap_leap<BR>Wed May 26
20:30:20 2010 : Debug: Module: Instantiating eap-leap<BR>Wed May 26
20:30:20 2010 : Debug: Module: Linked to sub-module rlm_eap_gtc<BR>Wed
May 26 20:30:20 2010 : Debug: Module: Instantiating eap-gtc<BR>Wed May
26 20:30:20 2010 : Debug: gtc {<BR>Wed May 26 20:30:20 2010
: Debug: challenge = "Password: "<BR>Wed May 26 20:30:20
2010 : Debug: auth_type = "PAP"<BR>Wed May 26 20:30:20 2010
: Debug: }<BR>Wed May 26 20:30:20 2010 : Debug:
Module: Linked to sub-module rlm_eap_tls<BR>Wed May 26 20:30:20 2010 :
Debug: Module: Instantiating eap-tls<BR>Wed May 26 20:30:20 2010 :
Debug: tls {<BR>Wed May 26 20:30:20 2010 : Debug:
rsa_key_exchange = no<BR>Wed May 26 20:30:20 2010 : Debug:
dh_key_exchange = yes<BR>Wed May 26 20:30:20 2010 : Debug:
rsa_key_length = 512<BR>Wed May 26 20:30:20 2010 : Debug:
dh_key_length = 512<BR>Wed May 26 20:30:20 2010 : Debug:
verify_depth = 0<BR>Wed May 26 20:30:20 2010 : Debug:
pem_file_type = yes<BR>Wed May 26 20:30:20 2010 : Debug:
private_key_file =
"/usr/local/etc/raddb/certs/server.pem"<BR>Wed May 26 20:30:20 2010 : Debug:
certificate_file =
"/usr/local/etc/raddb/certs/server.pem"<BR>Wed May 26 20:30:20 2010 : Debug:
CA_file = "/usr/local/etc/raddb/certs/ca.pem"<BR>Wed May 26
20:30:20 2010 : Debug: private_key_password =
"whatever"<BR>Wed May 26 20:30:20 2010 : Debug: dh_file =
"/usr/local/etc/raddb/certs/dh"<BR>Wed May 26 20:30:20 2010 : Debug:
random_file = "/usr/local/etc/raddb/certs/random"<BR>Wed
May 26 20:30:20 2010 : Debug: fragment_size = 1024<BR>Wed
May 26 20:30:20 2010 : Debug: include_length = yes<BR>Wed
May 26 20:30:20 2010 : Debug: check_crl = no<BR>Wed May 26
20:30:20 2010 : Debug: cipher_list = "DEFAULT"<BR>Wed May
26 20:30:20 2010 : Debug: make_cert_command =
"/usr/local/etc/raddb/certs/bootstrap"<BR>Wed May 26 20:30:20 2010 :
Debug: cache {<BR>Wed May 26 20:30:20 2010 : Debug:
enable = no<BR>Wed May 26 20:30:20 2010 : Debug:
lifetime = 24<BR>Wed May 26 20:30:20 2010 : Debug:
max_entries = 255<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 : Debug: Module:
Linked to sub-module rlm_eap_ttls<BR>Wed May 26 20:30:20 2010 : Debug:
Module: Instantiating eap-ttls<BR>Wed May 26 20:30:20 2010 :
Debug: ttls {<BR>Wed May 26 20:30:20 2010 : Debug:
default_eap_type = "md5"<BR>Wed May 26 20:30:20 2010 :
Debug: copy_request_to_tunnel = no<BR>Wed May 26 20:30:20
2010 : Debug: use_tunneled_reply = no<BR>Wed May 26
20:30:20 2010 : Debug: virtual_server =
"inner-tunnel"<BR>Wed May 26 20:30:20 2010 : Debug:
include_length = yes<BR>Wed May 26 20:30:20 2010 : Debug:
}<BR>Wed May 26 20:30:20 2010 : Debug: Module: Linked to sub-module
rlm_eap_peap<BR>Wed May 26 20:30:20 2010 : Debug: Module: Instantiating
eap-peap<BR>Wed May 26 20:30:20 2010 : Debug: peap {<BR>Wed
May 26 20:30:20 2010 : Debug: default_eap_type =
"mschapv2"<BR>Wed May 26 20:30:20 2010 : Debug:
copy_request_to_tunnel = no<BR>Wed May 26 20:30:20 2010 : Debug:
use_tunneled_reply = no<BR>Wed May 26 20:30:20 2010 :
Debug: proxy_tunneled_request_as_eap = yes<BR>Wed May 26
20:30:20 2010 : Debug: virtual_server =
"inner-tunnel"<BR>Wed May 26 20:30:20 2010 : Debug: }<BR>Wed
May 26 20:30:20 2010 : Debug: Module: Linked to sub-module
rlm_eap_mschapv2<BR>Wed May 26 20:30:20 2010 : Debug: Module:
Instantiating eap-mschapv2<BR>Wed May 26 20:30:20 2010 :
Debug: mschapv2 {<BR>Wed May 26 20:30:20 2010 : Debug:
with_ntdomain_hack = no<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 : Debug: Module:
Checking authorize {...} for more modules to load<BR>Wed May 26 20:30:20 2010
: Debug: (Loaded rlm_realm, checking if it's
valid)<BR>Wed May 26 20:30:20 2010 : Debug: Module: Linked to module
rlm_realm<BR>Wed May 26 20:30:20 2010 : Debug: Module: Instantiating
suffix<BR>Wed May 26 20:30:20 2010 : Debug: realm suffix {<BR>Wed
May 26 20:30:20 2010 : Debug: format = "suffix"<BR>Wed May
26 20:30:20 2010 : Debug: delimiter = "@"<BR>Wed May 26
20:30:20 2010 : Debug: ignore_default = no<BR>Wed May 26
20:30:20 2010 : Debug: ignore_null = no<BR>Wed May 26
20:30:20 2010 : Debug: }<BR>Wed May 26 20:30:20 2010 :
Debug: (Loaded rlm_files, checking if it's
valid)<BR>Wed May 26 20:30:20 2010 : Debug: Module: Linked to module
rlm_files<BR>Wed May 26 20:30:20 2010 : Debug: Module: Instantiating
files<BR>Wed May 26 20:30:20 2010 : Debug: files {<BR>Wed May 26
20:30:20 2010 : Debug: usersfile =
"/usr/local/etc/raddb/users"<BR>Wed May 26 20:30:20 2010 : Debug:
acctusersfile = "/usr/local/etc/raddb/acct_users"<BR>Wed
May 26 20:30:20 2010 : Debug: preproxy_usersfile =
"/usr/local/etc/raddb/preproxy_users"<BR>Wed May 26 20:30:20 2010 : Debug:
compat = "no"<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 : Debug: Module:
Checking session {...} for more modules to load<BR>Wed May 26 20:30:20 2010 :
Debug: (Loaded rlm_radutmp, checking if it's
valid)<BR>Wed May 26 20:30:20 2010 : Debug: Module: Linked to module
rlm_radutmp<BR>Wed May 26 20:30:20 2010 : Debug: Module: Instantiating
radutmp<BR>Wed May 26 20:30:20 2010 : Debug: radutmp {<BR>Wed May
26 20:30:20 2010 : Debug: filename =
"/usr/local/var/log/radius/radutmp"<BR>Wed May 26 20:30:20 2010 : Debug:
username = "%{User-Name}"<BR>Wed May 26 20:30:20 2010 :
Debug: case_sensitive = yes<BR>Wed May 26 20:30:20 2010 :
Debug: check_with_nas = yes<BR>Wed May 26 20:30:20 2010 :
Debug: perm = 384<BR>Wed May 26 20:30:20 2010 : Debug:
callerid = yes<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 : Debug: Module:
Checking post-proxy {...} for more modules to load<BR>Wed May 26 20:30:20 2010
: Debug: Module: Checking post-auth {...} for more modules to
load<BR>Wed May 26 20:30:20 2010 : Debug: (Loaded
rlm_attr_filter, checking if it's valid)<BR>Wed May 26 20:30:20 2010 :
Debug: Module: Linked to module rlm_attr_filter<BR>Wed May 26 20:30:20
2010 : Debug: Module: Instantiating attr_filter.access_reject<BR>Wed May
26 20:30:20 2010 : Debug: ****** attr_filter_instantiate <BR>Wed May 26
20:30:20 2010 : Debug: attr_filter attr_filter.access_reject
{<BR>Wed May 26 20:30:20 2010 : Debug: attrsfile =
"/usr/local/etc/raddb/attrs.access_reject"<BR>Wed May 26 20:30:20 2010 :
Debug: key = "%{User-Name}"<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 : Debug: ****** getattrsfile
<BR>Wed May 26 20:30:20 2010 : Debug: } # modules<BR>Wed May 26 20:30:20
2010 : Debug: } # server<BR>Wed May 26 20:30:20 2010 : Debug: server status
{<BR>Wed May 26 20:30:20 2010 : Debug: modules {<BR>Wed May 26 20:30:20
2010 : Debug: Module: Checking authorize {...} for more modules to
load<BR>Wed May 26 20:30:20 2010 : Debug: (Loaded
rlm_always, checking if it's valid)<BR>Wed May 26 20:30:20 2010 : Debug:
Module: Linked to module rlm_always<BR>Wed May 26 20:30:20 2010 : Debug:
Module: Instantiating ok<BR>Wed May 26 20:30:20 2010 : Debug:
always ok {<BR>Wed May 26 20:30:20 2010 : Debug: rcode =
"ok"<BR>Wed May 26 20:30:20 2010 : Debug: simulcount =
0<BR>Wed May 26 20:30:20 2010 : Debug: mpp = no<BR>Wed May
26 20:30:20 2010 : Debug: }<BR>Wed May 26 20:30:20 2010 :
Debug: } # modules<BR>Wed May 26 20:30:20 2010 : Debug: } #
server<BR>Wed May 26 20:30:20 2010 : Debug: server {<BR>Wed May 26 20:30:20
2010 : Debug: modules {<BR>Wed May 26 20:30:20 2010 : Debug:
Module: Checking authenticate {...} for more modules to load<BR>Wed May 26
20:30:20 2010 : Debug: Module: Instantiating
attr_filter.access_challenge<BR>Wed May 26 20:30:20 2010 : Debug: ******
attr_filter_instantiate <BR>Wed May 26 20:30:20 2010 : Debug:
attr_filter attr_filter.access_challenge {<BR>Wed May 26 20:30:20 2010 :
Debug: attrsfile =
"/usr/local/etc/raddb/attrs.access_challenge"<BR>Wed May 26 20:30:20 2010 :
Debug: key = "%{User-Name}"<BR>Wed May 26 20:30:20 2010 :
Debug: }<BR>Wed May 26 20:30:20 2010 : Debug: ****** getattrsfile
<BR>Wed May 26 20:30:20 2010 : Error:
/usr/local/etc/raddb/sites-enabled/default[301]: Unknown action 'override'.
<BR>Wed May 26 20:30:20 2010 : Error:
/usr/local/etc/raddb/sites-enabled/default[299]: Failed to parse "if"
subsection.<BR>root@ubuntu:/usr/local/var/log/radius# <BR><BR>Therefore, I
don't understand why this default file is not the one my server is
reading.<BR>
<DIV></DIV><BR><PRE><BR>在2010-05-26 23:10:42,"Alan DeKok" <aland@deployingradius.com> 写道:
>WWF wrote:
>>> You were told what the problem was, and how to fix it. There is no
>>>magic involved.
>>
>> Sorry, I don't know which one? If it is the
>
> You said you edited a file. The debug output showed that the file was
>not edited.
>
>> Maybe I think this is a good and only way to get some hints after my msg in http://lists.freeradius.org/pipermail/freeradius-users/2010-May/msg00596.html. It seems a long wait.
>> I am not trying to complain but really want to use the software correctly.
>
> Make sure you are editing the file that the server is reading. There
>really aren't many ways of saying that. It is *impossible* to help you
>until you edit the file that the server is reading.
>
> Alan DeKok.
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
</PRE><BR><BR><SPAN title=neteasefooter>
<HR>
<A href="http://ym.163.com/?from=od3" target=_blank>网易为中小企业免费提供企业邮箱(自主域名)</A>
</SPAN></DIV></BLOCKQUOTE></BODY></HTML>